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[57] 



ABSTRACT 



Method for controlling^he^use of a data-processing 
worksution%) by^asswordrcomprising;Storage of the 
password within the workstation and, at each initializa- 
tion of this latter, acquisition of a password proposition 
followed by a comparison of this proposition with the 
stored password. The password is stored in a con- 
trolled-erasure permanent memory unit. In order to 
release the workstation (1) in the event of loss of the 
password, provision is made for generation (Dl) of a set 
(36) of data associated with the blocked workstation, 
communication (D2) of part of these data by the user to 
an authorized service (S), supply (D3) in return by this 
sei^ice^o^coded^rele^^ata (43), acquisition (D4) of 
t^se-latter-by^the^M 

resulting, in the event of con^lianc^ifTerasurTof the 
initial password and in release of the workstation. Ap- 
plication in an industrial environment to control of the 
use of offline or network workstations. 

12 Claims, 1 Drawing Sheet 
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an authorized user. It is therefore necessary to provide 
PROCESS FOR THE CONTROL OF THE USE OF A the latter with a method of control which, in the event 
DATA PROCESSING WORK STATION BY A that the password should have been forgotten or lost, 
PASSWORD AND DATA PROCESSING WORK enables the user to gain further access to his workstation 
STATION USING THIS PROCESS 5 without any need to take action within the interior of 

the workstation. 

The present invention relates to a method for control- The object of the present invention is to overcome 
ling the use of a data-processing workstation by pass- these disadvantages by proposing a method for control- 
word. It also applies to a data-processing workstation ling the use of a data-processing workstation by pass- 
which carries out this method. 10 word, comprising a step of storage of a password within 

The considerable development of professional soft- the workstation and, at each initialization, a step of 
ware programs, in particular software programs em- acquisition of a password proposition emitted by a po- 
ployed in a network architecture environment, has in- tential user of the workstation followed by a step of 
evitably given rise to problems of security and control comparison of said proposition with the initially stored 
of access to data-processing workstations and problems 15 password which leads either to a step of permission to 
of control of the use of accessible software programs in use the workstation in the event of successful compari- 
a network. son or to a step of blocking of the workstation when the 

Methods already exist for the purpose of controlling above-mentioned acquisition and comparison steps have 
the use of a data-processing workstation by having been performed a predetermined number of times, 
recourse to a mechanical key and/or the presentation of 20 In accordance with the invention, the method of 
a password by the user. Other methods resort to the control is characterized in that, during the storage step, 
reading of a built-in microprocessor card held by autho- the password is stored in a controlled-erasure penna- 
rized users at a predetermined data-processing worksta- nent memory unit, in particular of the electrically eras- 
tion. These methods call for the use of a card reader able EEPROM type, and that it involves in addition a 
coupled to the workstation, which is a costly and com- 25 workstation release step involving generation by the 
plex device. workstation of a set of data associated with the blocked 

In present-day microcomputers with password- workstation, communication of part of said data by the 
protected access, in particular the PC-type compatible user to an authorized service, supply in return of coded 
microcomputers, the password is encrypted and stored release data by said authorized service and acquisition 
in a CMOS-technology permanent RAM memory con- 3d of said coded release data by the user on the worksta- 
tinuously supplied from a battery. This password is tion, thereby resulting, in the event of. compliance, in 
requested at the time of each initialization of the mi- erasure of the initial password and in release of the 
crocomputer prior to execution of the auto-execution workstation. 

program commonly referred-to as a "boot". These Thus, with the method in accordance with the ihven- 
methods of control in which the password is stored in a 35 tion, it is no longer possible to carry out a manual opera- 
battery-powered memory have a major disadvantage in tion of erasing of the password of a blocked workstation 
that they can be circumvented by erasing the content of and its release is subjected to an exchange of informa- 
this memory. Erasure can be obtained by opening the tion between the user and an authorized service, for 
casing of the central unit of the microcomputer, by example the manufacturer of the workstation or an 
gaining access to the permanent RAM memory, and by 40 approved distributor. This exchange of information 
disconnecting the power supply battery or by short -cir- guarantees identification of anyone who requests a re- 
cuiting the supply terminals of the RAM memory if lease operation and ensures that the person who is legiti- 
these latter are not protected by a diode. This operation mately in charge of the workstation has the possibility 
is performed either by an authorized user who has for- of using it again without any need for internal action, 
gotten the password associated with the workstation 45 In addition, the use of an EEPROM-type memory 
which he desires to use and decides to erase this forgot- makes erasing of the password a particularly complex 
ten password in order to actually gain free access to this operation since this- erasing operation cannot be per- 
workstation, or by an unauthorized third party for abu* formed simply by short-circuiting the supply as is in fact 
sive purposes or for illicit duplication of software pack- the case with battery-powered CMOS-type RAM mem- 
ages. On completion of such an operation which is rela- 50 ones but requires the generation of a programming 
tively simple but can last at least twenty minutes or so in signal having a predetermined voltage level, 
order to obtain erasure of the content of the RAM mem- In a preferred version of the invention, the step of 
ory if short-circuiting is not possible, the password is acquisition of a password proposition is carried out 
erased and it is then only necessary to re-connect the during an automatic execution step undertaken in re- 
battery. The microcomputer can then be re-started at 55 sponse to a data-processing workstation initialization 
the expense, however, of re-writing of the configuration order. 

which has inevitably been erased at the same time as the Thus the control of the use of the workstation is 
initial password. carried out each time it is turned-on, even before the 

Manufacturers of microcomputers have of course user can gain access to any functionality offered by or 
taken steps to prevent access to the interior of the mi- 60 via the terminal. This acquisition step is therefore an 
crocomputer by placing a mechanical lock which integral part of the autotest procedure normally carried 
makes it possible to lock the casing containing the cen- out within a microcomputer under the control of its 
tral unit. Two keys are usually supplied to the autho- BIOS basic input/output system, 
rized user of the data-processing workstation. According to another aspect of the invention, the 

However, the possible loss of the keys by the user and 65 data-processing workstation which carries out the 
the possibility of violating mechanical locks of this type method in accordance with the invention and comprises 
with fairly great ease make this type of password con- within a casing a control and processing unit, at least 
trol relatively ineffective and a cause of constraints for one memory unit which is accessible solely for reading 
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and is especially of the ROM type, means for storage on . the microcomputer, preferably in encrypted form. In an 
a magnetic medium and especially a hard disk, visual effective form of construction, the EEPROM memory 
display and acquisition means consisting in particular of 8 has a capacity of 16 words of 16 bits and communi- 
a keyboard, said means for storage on a magnetic me- cates with the microprocessor 4. 
dium being intended to contain the system for operation 5 The different phases of the method of control in ac- 
of the workstation and the memory unit being intended cordance with the invention will now be described with 
to contain the basic input/output system of the worksta- reference to the screen-pages illustrated in FIG. 2. 
tion, is characterized in that it comprises in addition a At the time of turn-on of re-initialization of the mi* 
controlled-erasure permanent memory unit, especially crocomputer 1, an autotest screen-page 10 appears on 
of the electrically-erasable EEPROM type, connected 10 the screen 7 as a result of the performance of an initial- 
to the control and processing unit, this controlled -eras- ization program contained in the BIOS basic input/out- 
ure permanent memory being so arranged as to contain put system. In addition to the items of information 11 at 
a password for controlling the use of the workstation the workstation, there appears in this screen-page 10 a 
and that the basic input/output system is adapted to request 12 for entry of a password proposition. The 
initiate, at the time of an initialization of the workstation IS workstation user then types on the keyboard 13 the 
by a user, the display on the visual display means of an password which he holds. The microcomputer 1 re- 
autotest screen-page comprising a password-entry re- cords these keystrokes in a semi-blind mode and dis- 
quest and, in the event of non-presentation of said pass- plays a graphic character on completion of each key- 
word, the display of a blocking screen-page which pres- stroke in order to enable the user to follow the number 
ents data associated with the blocked workstation and a 20 of characters typed. This constitutes part of the acquisi- 
request for entry of a release code, tion step B. 

Other particular features and advantages of the in- It should be noted that, if no password has previously 
vention will also become apparent in the description been defined and stored, no password entry request is 
given hereinafter. In the accompanying drawings made at the time of initialization of the microcomputer 
which are given by way of non-limitative example: 25 and it is therefore free for use. 

FIG. 1 is a simplified illustration of a data-processing If a password is in fact stored in the EEPROM mem- 
workstation which carries out the method in accor- ory 8, the user is permitted to carry out three acquisition 
dance with the invention; tests. Should they prove unsuccessful, the microcom- 

FIG. 2 illustrates schematically the three screen- puter is then blocked (step Dl) and a blocking screen- 
pages for autotest, configuration and blocking which 30 page 30 is generated. On completion of each acquisition 
are employed in the method according to the invention; step B, a comparison step C is carried out between the 

FIG. 3 is a synoptic view of a mode of execution of password proposition entered by the user and the pass- 
the releasing steps performed with the method in accor- word actually stored in the EEPROM memory 8. The 
dance with the invention. passwords are preferably encrypted in accordance with 

There will now be described a particular form of 35 an encryption algorithm of the type currently employed 
execution of the method of control in accordance with in the field of control of access to protected informa- 
the invention at the same time as a data-processing tion. If the password proposed by the user corresponds 
workstation to which this method is applied. to the stored password, a step D of permission to use the 

Reference being made to FIG. 1, consideration is workstation is undertaken: the autotest screen-page 10 
given to a data-processing workstation, for example a 40 disappears in order to be replaced either by the wel- 
microcomputer 1 of the compatible PC or PS type, on come pages of a software package preferably associated 
which an authorized user processes one or a number of with the workstation concerned or by the usual orders 
software programs in a single-station mode or within a of the processing system. 

network of workstations. The microcomputer 1 usually During a session of utilization of the data-processing 
has a casing 9 containing in particular a mother-board 6, 45 workstation 1, the user has the possibility either of intro- 
and units for storage on a magnetic medium, for exam- ducing a new password or of modifying the existing 
pie a hard disk 2 and a floppy-disk reader 3 which are password by initiating a password storage step A. To 
connected to the mother-board 6, a monitor provided this end, the user must request the operation of a 
with a display screen 7 and a keyboard 13 which per- SETUP configuration utility software program which 
mits in particular the acquisition of data and orders. 50 is provided in the majority of present-day computers 
The mother-board 6 essentially includes a micro- but which has been modified to meet the requirements 
processor 4 which carries out the functions of control of the invention. This utility software program is in fact 
and processing and the power of which determines the adapted so as to propose to the user an option for entry 
performances of the workstation 1 and a permanent of a new password. This is realized by the presence, 
memory 5 which is accessible solely for reading, espe- 55 within a configuration screen-page 20, of an invitation 
daily of the ROM type, in which is written the basic 22 to enter a new password next to items of information 
input/output system of the microcomputer commonly and orders 21 which are specific to the SETUP utility 
designated as BIOS, and which ensures execution of a software program. This latter can be stored in execut- 
sequence of autotest and initialization in response to an able form either in the permanent memory 5 of the 
initialization order undertaken, either by turning on the 60 microcomputer or within the DOS operating system in 
microcomputer or by specific action by the user on the the hard disk 2. 

keyboard. In the event of blocking Dl of the microcomputer 1 

The mother-board 6 also includes a permanent mem- as a result of several unsuccessful attempts to enter a 
ory 8 which provides controlled erasing, for example an password, for example more than three attempts, a 
electrical-erasure memory of the EEPROM type (pro- 65 blocking screen-page 30 is displayed. This blocking 
grammable memory which can be accessed solely for screen-page 30 comprises, in addition to a message in- 
reading and is electrically erasable) which is intended in forming the user that blocking of the workstation has 
accordance with the invention to store the password of taken place as a result of loss of the password, a number 
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of data associated with the blocked workstation includ- It must be noted in addition that the passwords are 
ing the serial number 33 of the workstation 1, a random preferably encrypted within the data-processing work- 
code 32 which depends neither on the hour nor on any station 1 in accordance with a predetermined encryp- 
other parameter which can be controlled by the user, tion algorithm before being stored in the EEPROM 
and the coordinates 31, especially telephone coordi- 5 memory 8. The algorithm is contained in executable 
nates, which provide the authorized service with access form in the permanent memory 5 which contains the 
to release of the workstation concerned. The blocking BIOS system. 

screen-page 30 comprises in addition a message inviting The present invention is of course not limited to the 

the user to enter via the keyboard 13 a release code 34 examples which have just been described and many 

which will be supplied to him by the authorized service 10 alterations can be made in these examples without de- 

in exchange for the serial number 33 and the random parting from the scope of the invention, 

code 32 which must be communicated to this service by Thus the method in accordance with the invention 

the user. can be applied to many types of workstations, whether 

Reference being made to FIG. 3, there will how be the y ' m fwcd or portable, off-line or within a network 
described the different phases of step D for releasing the 15 which 0911 sin 8 le or multiple. Furthermore, depend- 
workstation 1. In more general terms, it is considered »S on future advances made in integrated-circuit tech- 
that the blocked workstation 1 is connected in a net- nolo S v ' consideration can be given to types of perma- 
work 50 to other data-processing workstations 51, 52, nent memory other than the electncjally-wasable mem- 
53 which may also be endowed with the same method orv «»Pl°y*> m fhe example described. Finally, it is 
ofcontrol in accordance with the invention. The gener- 20 possible to conceive any arrangement of the screen- 
ation Dl of the blocking screen-page has supplied the Pfges of the method is regard to the language em- 
user with the random code 32 to be communicated and P 10 ?^' ^ characters, colors, and codes chosen for the 
the serial number 33 of the workstation concerned. The de *f" ° f these **een-pages. 
user transmits from his work site U to the authorized „ , 5 J H^lr * n ^ * 
service S a set of data comprising the random code 32, 25 ^ Method for controlling the use of a data-proce^ing 
theserialnumber33andhis^ workstation (1) by password, compnsmg a step (A) of 
u:, _ *u — f • storage of a password within the workstation (1) and, at 
his nam =, the corpora e name ofhis firm, or a telephone ^^Son of this latter, a step (B) of acquisition 
number for subsequent recall. This communication step of a rd proposition emitted ^potential user of 
D2 can be performed by telephone, facsimile transmis- ^ ^dWkiutiii (^followed by a step(Q of compari- 
sion^telex or any other available commumcation means. ^ of ^ pro ^ sition ^ ^ initially stored pass- 

The authorized service S is equipped with a mi- word which leads eithcr to a st of permission to 
crocomputer 40 or any other equivalent control and use ^ workstation (1) m th c ev ^ t 0 f successful corn- 
processing unit on winch is installed a release utility or to ft st of blockijJ of ^ workstation (1) 
package, access to this latter being governed by the 35 which the above-mentioned acquisition and comparison 
presentation of associated utilization nghts. By way of steps &) md (C) ^ ^ performed a predetermined 
example, the microcomputer 40 can be equipped with a nuirj t>er of times, characterized in that: 
key support 41 which can receive one or a number of during the storage stcp (A)j the password * store d in 
key modules 42 containing utilization rights. A device a CO ntrolled-erasure permanent memory unit (5), 
of this type is described, for example, in French patent 40 provision is made in addition for a step (D) for releas- 
Applications 90 061 12 and 90 061 13 of May 16th, 1990 fog tne workstation (1), involving generation (Dl) 
m the name of the present Applicant. by ^ workstation (1) of a set of data (31, 32, 33) 

An operator of the authorized service S enters the associated with the blocked workstation (1), corn- 
data communicated by the user and requested by the munication (D2) of part (32, 33) of said data by the 
release software. On the basis of the communicated 45 user to an authorized service (S), supply (D3) in 
data, this latter computes a release code 43 in accor- rc t urn by said authorized service of coded release 
dance with a particular algorithm. After supply D3 of Q^a (43) and acquisition of said coded release data 
the release code 43 in return to the user, the latter ac- (43) by the user on the workstation (1), thereby 
quires the release code during an acquisition step D4 resulting, in the event of compliance, in erasure of 
whilst the blocking screen-page 30 is still present on the 50 the initial password and in release of the worksta- 
screen. The software program associated with the re- tion (1). 

lease step D is included in the permanent memory 5 2. Method in accordance with claim 1, characterized 

within the BIOS basic input/output system. This soft- in that the acquisition step (B) is carried out during an 

ware program compares (if necessary after encryption) automatic execution step undertaken in response to an 

the acquired release code 43 with a reference code 53 order for initialization of the data-processing worksta- 

which is computed locally at the level of the blocked tion (1). 

workstation on the basis of serial number and random 3. Method in accordance with claim 1 or claim 2, 

code data and which is inaccessible to the user. If the characterized in that the initial step (A) of storage of a 

release code is compliant, the workstation 1 is in fact password is carried out during execution of a configura- 
released and the blocking screen-page 30 disappears in 60 tion utility program (SETUP), 

order to be replaced either by the welcome pages of the 4. Method in accordance with claim 1 characterized 

application package which is preferably associated with in that the set of data associated with the blocked work- 

the workstation 1 or by writing of operating system station (1) comprises a random code (32) and a serial 

orders by the user. Release of the workstation 1 is per- number (33) of the data-processing workstation (1). 
formed by erasing the password which is present within 65 5. Method in accordance with claim 1 characterized 

the EEPROM memory 8. Non-compliance of an ac- in that the password of the data-processing workstation 

quired release code has the effect of keeping the work- (1) can be modified at any moment during a normal 

station in a blocked situation. work session by execution of a password modification 
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step included in the configuration utility program comprising a password-entry request and, in the event 

(SETUP) as a result of a reintroduction of the password of non-compliance of the typed password, the display of 

to be modified. a blocking screen-page (30) which presents data (31, 32, 

6. Method in accordance with claim 1, characterized 33) associated with the blocked workstation and a re- 
in that the coded release data (43) are generated from 5 quest for entry of a release code (34). 

data (36) communicated by the user by execution of a 9. Data-processing workstation (1) in accordance 

protected release software program installed on control with claim 8 and equipped with a configuration utility 

and processing means (40), execution of said protected software program (SETUP), characterized in that this 

release program being governed by the presentation of configuration utility software program (SETUP) is 

utilization rights associated with said software program. 10 adapted to control the display or the means (7) for dis- 

7. Method in accordance with claim 1 characterized play of a configuration screen-page (20) comprising a 
in that the data associated with the blocked workstation request for entry of a new password by the user of the 
also comprise coordinates for contacting the authorized data-processing workstation (1) and to encrypt said new 
service (S). password in accordance with a predetermined encryp- 

8. Data-processing workstation (1) which carries out IS tion algorithm and to store it in the controlled-erasure 
the method in accordance with claim 1 and comprises permanent memory unit (8). 

within a casing (9) a control and processing unit (4), at 10. Data-processing workstation (1) in accordance 

least one memory unit (5) which is accessible solely for with claim 9, characterized in that the adapted configu- 

reading, local means or means accessible via a network ration utility software program (SETUP) is stored in 

for storage, visual display means (7) and acquisition 20 executable form in the permanent memory unit (5). 

means (13), said means for storage on a magnetic me- 11. Data-processing workstation in accordance with 

dium (2, 3) being intended to contain the operating claim 9, characterized in that the adapted configuration 

system (DOS) of the workstation (1), and the permanent utility software program (SETUP) is stored in execut- 

memory unit (5) being intended to contain the basic able form by the operating system in a local or distant 

input/output system (BIOS) of the workstation (1), 25 storage unit. 

characterized in that it comprises in addition a con- 12. Data-processing workstation (1) in accordance 

trolled-erasure permanent memory unit (8) connected with claim 1, characterized in that the basic input/out- 

to the control and processing unit (4), this controlled- put system (BIOS) is so arranged as to encrypt in accor- 

erasure permanent memory unit (8) being so arranged as dance with a predetermined encryption algorithm a 

to contain a password for controlling the use of the 30 password proposition entered from acquisition means 

workstation (1) and that the basic input/output system (13) by the user and to compare said encrypted proposi- 

(BIOS) is adapted to initiate, at the time of an initializa- tion with the encrypted password stored in the con- 

tion of the workstation (1) by a user, the display on the trolled-erasure permanent memory unit (5). 

visual display means (7) of an autotest screen-page (20) * * * * * 
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